Aligning organizational culture with ISO 27001 ISMS : a case study of ABC Technologies in software sector in Sri Lanka

Abstract

This thesis aims to identify how the ABC Technologies, a Sri Lankan software company’s organizational culture plays a role in implementing the ISO 27001 Information Security Management System (ISMS). The expansion of the software industry in Sri Lanka, especially in the ITES sector, underlines the importance of adopting sound information security mechanisms, which make the adoption of ISO 27001 essential. The paper aims to discover effects of organizational culture related to the adoption and efficiency of ISO 27001 ISMS practices, expose cultural enablers and barriers, and assess the leadership’s contribution to optimal conditions for ISMS. This is a cross-sectional study that uses interviews of ABC Technologies and quantitative data from the identified quantitative variables from the employees. The study uses the Theory of Planned Behavior, Diffusion of Innovations Theory and Cultural Dimensions Theory to understand the relationship between organizational commitment to change, information security awareness programs and alignment of cultural values with ISO 27001 ISMS. The study shows that practical years of leadership commitment, security awareness, tailored security programs, and an organization’s culture of embracing information security are essential to implementing ISO 27001. The research findings suggest that ABC Technologies should focus on ways of strengthening its ISMS practices, including increasing the security orientation of the company’s employees, increasing management commitment, and designing security education programs. These insights are significant in supporting ABC Technologies’ cultural practices that are in synchrony with the international security systems, and these findings are useful for other organizations as well.